Included below is the out put from doing a "yum install selinux-policy*" while in enforcing mode:
[root@old1 root]# yum install selinux-policy* Gathering header information file(s) from server(s) Server: Fedora Core 2 - i386 - Base Server: Fedora Core 2 - Development Tree Server: Fedora Core 2 - i386 - Released Updates Finding updated packages Downloading needed headers Resolving dependencies Dependencies resolved I will do the following: [install: selinux-policy-targeted 1.13.1-1.noarch] [install: selinux-policy-strict 1.13.1-1.noarch] [install: selinux-policy-strict-sources 1.13.1-1.noarch] [install: selinux-policy-targeted-sources 1.13.1-1.noarch] Is this ok [y/N]: y Downloading Packages Getting selinux-policy-targeted-1.13.1-1.noarch.rpm selinux-policy-targeted-1 100% |=========================| 25 kB 00:00 Getting selinux-policy-strict-1.13.1-1.noarch.rpm selinux-policy-strict-1.1 100% |=========================| 1.1 MB 00:08 Getting selinux-policy-strict-sources-1.13.1-1.noarch.rpm selinux-policy-strict-sou 100% |=========================| 1.3 MB 00:12 Getting selinux-policy-targeted-sources-1.13.1-1.noarch.rpm selinux-policy-targeted-s 100% |=========================| 252 kB 00:01 Running test transaction: Test transaction complete, Success! selinux-policy-strict 100 % done 1/6 Can't open '/etc/selinux/strict/policy/policy.17': Permission denied selinux-policy-targeted 100 % done 2/6 Can't open '/etc/selinux/targeted/policy/policy.17': Permission denied selinux-policy-strict-sources 100 % done 3/6 make: Entering directory `/etc/selinux/strict/src/policy' /usr/sbin/load_policy /etc/selinux/strict/policy/policy.`cat /selinux/policyvers` Can't open '/etc/selinux/strict/policy/policy.17': Permission denied make: *** [tmp/load] Error 2 make: Leaving directory `/etc/selinux/strict/src/policy' selinux-policy-targeted-sources 100 % done 4/6 make: Entering directory `/etc/selinux/targeted/src/policy' /usr/sbin/load_policy /etc/selinux/targeted/policy/policy.`cat /selinux/policyvers` Can't open '/etc/selinux/targeted/policy/policy.17': Permission denied make: *** [tmp/load] Error 2 make: Leaving directory `/etc/selinux/targeted/src/policy' warning: /etc/security/selinux/policy.17 saved as /etc/security/selinux/policy.17.rpmsave warning: /etc/security/selinux/file_contexts saved as /etc/security/selinux/file_contexts.rpmsave Erasing: policy 5/6 warning: /etc/security/selinux/src/policy/users saved as /etc/security/selinux/src/policy/users.rpmsave warning: /etc/security/selinux/src/policy/file_contexts/program/seuser.fc saved as /etc/security/selinux/src/policy/file_contexts/program/seuser.fc.rpmsave Erasing: policy-sources 6/6 Installed: selinux-policy-targeted 1.13.1-1.noarch selinux-policy-strict 1.13.1-1.noarch selinux-policy-strict-sources 1.13.1-1.noarch selinux-policy-targeted-sources 1.13.1-1.noarch Transaction(s) Complete [root@old1 root]#
Richard Hally
I am also having problems installing the new selinux stuff
I wonder if the main problem is a missing /etc/selinux/config file which probably tells pieces of the system which of the policy-strict, etc. files to use (??)
I updated my system and did a 'yum install policy*` (maybe also selinux-policy* too)
- Also saw error messages (but also 'success') during yum run.
[root@hoho2 user1]# date Sat May 29 14:33:39 CDT 2004 [root@hoho2 user1]# /sbin/fixfiles relabel /sbin/fixfiles: line 23: /etc/selinux/config: No such file or directory
[root@hoho2 user1]# ls -l /etc/selinux total 16 drwxr-xr-x 5 root root 4096 May 29 12:05 strict drwxr-xr-x 5 root root 4096 May 29 12:06 targeted [root@hoho2 user1]#
--- I am also getting a flock of console messages of the form: --- --- (I thought doing a 'fixfiles relabel' would clear these up, but.. --
inode_doinit_with_dentry: context_to_sid(user_u:object_r:user_tmp_t) returned 22 for dev=sda2 ino=6094897 inode_doinit_with_dentry: context_to_sid(user_u:object_r:user_tmp_t) returned 22 for dev=sda2 ino=6094944 inode_doinit_with_dentry: context_to_sid(user_u:object_r:user_tmp_t) returned 22 for dev=sda2 ino=6094946 inode_doinit_with_dentry: context_to_sid(user_u:object_r:user_tmp_t) returned 22 for dev=sda2 ino=6094908
---- additional info ---
[root@hoho2 user1]# od -c /selinux/enforce 0000000 0 0000001 [root@hoho2 user1]#
[user1@hoho2 user1]$ cat /proc/version Linux version 2.6.6-1.397smp (bhcompile@tweety.build.redhat.com) (gcc version 3. 3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 SMP Fri May 28 11:34:11 EDT 2004 [user1@hoho2 user1]$
[root@hoho2 selinux]# pwd /etc/security/selinux [root@hoho2 selinux]# ls -l total 51056 -rw-r--r-- 1 root root 86904 May 29 12:13 file_contexts -rw-r--r-- 1 root root 88310 May 11 10:03 file_contexts.rpmnew -rw-r--r-- 1 root root 87205 May 26 12:56 file_contexts.rpmsave -rw-r--r-- 1 root root 7408105 May 29 12:13 policy.15 -rw-r--r-- 1 root root 7383775 May 20 21:37 policy.15.rpmsave -rw-r--r-- 1 root root 7409842 May 29 12:13 policy.16 -rw-r--r-- 1 root root 7385512 May 20 21:37 policy.16.rpmsave -rw-r--r-- 1 root root 7410154 May 29 12:13 policy.17 -rw-r--r-- 1 root root 7409751 May 11 10:03 policy.17.rpmnew -rw-r--r-- 1 root root 7434273 May 26 12:56 policy.17.rpmsave drwx------ 3 root root 4096 May 7 10:24 src [root@hoho2 selinux]#
BobG
On Fri, 28 May 2004 14:34:30 -0400, Richard Hally wrote:
Included below is the out put from doing a "yum install selinux-policy*" while in enforcing mode:
[root@old1 root]# yum install selinux-policy* Gathering header information file(s) from server(s) Server: Fedora Core 2 - i386 - Base Server: Fedora Core 2 - Development Tree Server: Fedora Core 2 - i386 - Released Updates Finding updated packages Downloading needed headers Resolving dependencies Dependencies resolved I will do the following: [install: selinux-policy-targeted 1.13.1-1.noarch] [install: selinux-policy-strict 1.13.1-1.noarch] [install: selinux-policy-strict-sources 1.13.1-1.noarch] [install: selinux-policy-targeted-sources 1.13.1-1.noarch] Is this ok [y/N]: y Downloading Packages Getting selinux-policy-targeted-1.13.1-1.noarch.rpm selinux-policy-targeted-1 100% |=========================| 25 kB 00:00 Getting selinux-policy-strict-1.13.1-1.noarch.rpm selinux-policy-strict-1.1 100% |=========================| 1.1 MB 00:08 Getting selinux-policy-strict-sources-1.13.1-1.noarch.rpm selinux-policy-strict-sou 100% |=========================| 1.3 MB 00:12 Getting selinux-policy-targeted-sources-1.13.1-1.noarch.rpm selinux-policy-targeted-s 100% |=========================| 252 kB 00:01 Running test transaction: Test transaction complete, Success! selinux-policy-strict 100 % done 1/6 Can't open '/etc/selinux/strict/policy/policy.17': Permission denied selinux-policy-targeted 100 % done 2/6 Can't open '/etc/selinux/targeted/policy/policy.17': Permission denied selinux-policy-strict-sources 100 % done 3/6 make: Entering directory `/etc/selinux/strict/src/policy' /usr/sbin/load_policy /etc/selinux/strict/policy/policy.`cat /selinux/policyvers` Can't open '/etc/selinux/strict/policy/policy.17': Permission denied make: *** [tmp/load] Error 2 make: Leaving directory `/etc/selinux/strict/src/policy' selinux-policy-targeted-sources 100 % done 4/6 make: Entering directory `/etc/selinux/targeted/src/policy' /usr/sbin/load_policy /etc/selinux/targeted/policy/policy.`cat /selinux/policyvers` Can't open '/etc/selinux/targeted/policy/policy.17': Permission denied make: *** [tmp/load] Error 2 make: Leaving directory `/etc/selinux/targeted/src/policy' warning: /etc/security/selinux/policy.17 saved as /etc/security/selinux/policy.17.rpmsave warning: /etc/security/selinux/file_contexts saved as /etc/security/selinux/file_contexts.rpmsave Erasing: policy 5/6 warning: /etc/security/selinux/src/policy/users saved as /etc/security/selinux/src/policy/users.rpmsave warning: /etc/security/selinux/src/policy/file_contexts/program/seuser.fc saved as /etc/security/selinux/src/policy/file_contexts/program/seuser.fc.rpmsave Erasing: policy-sources 6/6 Installed: selinux-policy-targeted 1.13.1-1.noarch selinux-policy-strict 1.13.1-1.noarch selinux-policy-strict-sources 1.13.1-1.noarch selinux-policy-targeted-sources 1.13.1-1.noarch Transaction(s) Complete [root@old1 root]#
Richard Hally
fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Sat, 2004-05-29 at 15:49, Bob Gustafson wrote:
I wonder if the main problem is a missing /etc/selinux/config file which probably tells pieces of the system which of the policy-strict, etc. files to use (??)
Yes, you need to create it manually at present, I think. It replaces /etc/sysconfig/selinux (so you still need a SELINUX=enforcing line) and adds a SELINUXTYPE= definition to indicate the active policy (e.g. strict or targeted).
I updated my system and did a 'yum install policy*` (maybe also selinux-policy* too)
You need an updated libselinux, policycoreutils, and SysVinit in addition to selinux-policy-strict or selinux-policy-targeted. And you need to relabel to get the right types on the /etc/selinux tree.
-
On Thu, 3 Jun 2004 16:41, Valdis.Kletnieks@vt.edu wrote:
What globs are runaway?
On Wed, 2 Jun 2004, Stephen Smalley wrote:
You need an updated libselinux, policycoreutils, and SysVinit in addition to selinux-policy-strict or selinux-policy-targeted. And you need to relabel to get the right types on the /etc/selinux tree.
Now I am confused. I did yum search selinux and got:
Available package: selinux-doc.noarch 0:1.10-1 from base matches with SELinux documentation Available package: selinux-doc.noarch 0:1.10-1 from base matches with selinux-doc Available package: policy-strict-sources.noarch 0:1.11.3-3 from base matches with SELinux example policy configuration source files Available package: libselinux-devel.i386 0:1.11.4-1 from base matches with Header files and libraries used to build SELinux Available package: libselinux-devel.i386 0:1.11.4-1 from base matches with libselinux-devel 5 results returned
There is a policy-strict-sources, but no selinux-policy-strict or selinux-policy-targeted. I don't have an /etc/selinux directory, and I don't have some of the other things you assume I should have. What I do have is:
[tmolina@dad tmolina]$ rpm -qa|grep selinux libselinux-1.11.4-1 [tmolina@dad tmolina]$ rpm -qa|grep policy policy-1.11.3-3 checkpolicy-1.10-1 policycoreutils-1.11-2 policy-sources-1.11.3-3
I also did a yum install policy* as the other person did, so I am not sure what happened. Fedora Core 2 was inadvertently not installed with the recommended selinux, it was updated later and relabeled. Where are the referenced rpms? My system is stock in that regard and points at the default yum/up2date repositories.
Should I reinstall from scratch, or can I find and install the "right" stuff from this point?
On Thu, 2004-06-03 at 06:34, Thomas Molina wrote:
I also did a yum install policy* as the other person did, so I am not sure what happened. Fedora Core 2 was inadvertently not installed with the recommended selinux, it was updated later and relabeled. Where are the referenced rpms? My system is stock in that regard and points at the default yum/up2date repositories.
Should I reinstall from scratch, or can I find and install the "right" stuff from this point?
The changes that are being discussed are occurring in the development tree, and are intended for inclusion in FC3. To obtain them, you need to uncomment the development entry in /etc/yum.conf (and preferably add some mirror sites too). But only do this if you truly want to experiment with the bleeding edge.
On Thu, 03 Jun 2004 08:24:08 -0400 Stephen Smalley sds@epoch.ncsc.mil wrote:
The changes that are being discussed are occurring in the development tree, and are intended for inclusion in FC3. To obtain them, you need to uncomment the development entry in /etc/yum.conf (and preferably add some mirror sites too). But only do this if you truly want to experiment with the bleeding edge.
Thanks. The installation in question is my "stable" configuration. I believe I will wait for FC3 Test 1 and install that on my "test" setup, where I play with bleeding edge stuff.
selinux@lists.fedoraproject.org